Exemple #1
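        /// <summary>
        /// Completes a forgotten-password reset: finds the account by e-mail, validates the
        /// request, stores the hash of the new password, and marks the account activated and unlocked.
        /// </summary>
        /// <param name="request">Reset request; <c>Email</c> and <c>Password</c> are read here.</param>
        /// <returns>
        /// 200 with <c>PWD_UPDATED</c> on success; 400 with the validation status or
        /// <c>INVALID_USER</c> when the request is rejected; 500 when an exception is thrown.
        /// </returns>
        /// <remarks>
        /// NOTE(review): <c>ValidateForActivation</c> is the only gate before the stored password is
        /// overwritten and <c>IsLocked</c> is cleared. Presumably it verifies the one-time code and its
        /// expiry; confirm, and confirm that failed attempts are throttled, since success also
        /// lifts a lockout.
        /// NOTE(review): the distinct <c>INVALID_USER</c> answer tells a caller whether an e-mail is
        /// registered. It is kept because clients may depend on it; consider a uniform response.
        /// </remarks>
        public IHttpActionResult ForgotPassword(ActivationRequest request)
        {
            try
            {
                // A missing or unbindable body would otherwise surface as a NullReferenceException (HTTP 500).
                if (request == null)
                {
                    return BadRequest();
                }

                var user = DbUtilities.GetUserByEmail(request.Email);
                if (user == null)
                {
                    // No user exists for this e-mail.
                    return BadRequest(ErrorCodes.INVALID_USER.ToString());
                }

                string validStatus = ValidationUtilities.ValidateForActivation(request, user, true);
                if (validStatus != Constants.SUCCESS_MSG)
                {
                    return BadRequest(validStatus);
                }

                // Second lookup through the tracked context so the changes below are persisted.
                // It can miss even though the lookup above succeeded, so check the result before use.
                User account = _context.Users.SingleOrDefault(a => a.Email == request.Email);
                if (account == null)
                {
                    return BadRequest(ErrorCodes.INVALID_USER.ToString());
                }

                // NOTE(review): a password-reuse check (IsPasswordCorrect -> PASSWORD_ALREADY_USED)
                // was commented out in the original and is still not enforced here.
                // NOTE(review): the new password is hashed with the account's existing salt; consider
                // issuing a fresh salt on every password change. The hash algorithm is not visible here.
                byte[] pwdhash = AuthorizationUtilities.hash(request.Password, account.Salt);

                account.ModifiedBy = request.Email;
                account.IsActivated = true;
                // Clear the one-time code so the same code cannot be used for a second reset.
                account.OTPCode = "";

                // Store the new password hash and restart the password-age clock.
                account.Password = pwdhash;
                account.PwdStartDate = DateTimeOffset.UtcNow;
                account.IsLocked = false;
                _context.SaveChanges();

                return Ok(HttpUtilities.CustomResp(ErrorCodes.PWD_UPDATED.ToString()));
            }
            catch (Exception ex)
            {
                // Log the full exception server-side but return a bare 500. Passing the exception to
                // InternalServerError can expose its message and stack trace to the caller,
                // depending on the host's error-detail policy.
                LGSELogger.Error(ex);
                return InternalServerError();
            }
        }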